Hi all,

Firstly thanks for being patient yesterday with the site going down. We found out what was wrong fairly quickly, but what took time was sorting out all the logs and tracking down who to report this to. For now we have just upgraded to a newer version of the forum software for a few days, which should be secure for you to use until we decide whether we are going to stay here or use a different board. There's only 1 week of BB left, so we will decide after final night evictions.

So for this last week, features we added such as Karma won't be working. We thought it was important to get a working version of the forum back online so people can keep posting, than keep it down while we are deciding what to do next.

The database was viewable for about an hour, and as such email addresses, encrypted passwords and U2Us were viewable for this time. At this time we aren't releasing too much information on who the people were until we hear back from some places, but it was a few people from another website, and then 1 new TiBB member who had access. The passwords are encrypted with MD5, which is a one way process of encrypting your password. So whoever saw the passwords would see something such as 554y3g5bf9108cd896f33c44aedc. As some people are likely to have had bad passwords security wise, or used the same password for other things, this is what I recommend:

==================
If you had a secure password, eg. vpj48oju3 or blt34hhx and this password was only used on ThisisBigBrother.com, there's not much to worry about. I'd strongly advise changing your password on TiBB though to something else that is unique.

==================
If you had a password which isn't complicated, eg. Villa, Australia, and this password was used on TiBB only, it's not the worst case scenario. At worst, if your password was found out people would only gain access to your TiBB account, and a mod or admin would sort it out fairly quick. You MUST change your password however, to make sure you are safe.

==================
If you had a secure password, eg. adb389hfs or 309fdnoaa, but you used the same password on other websites, the fact that the password is a random string will be enough to make sure your password isn't findable. You should definitely change your passwords so that your TiBB one is unique and different to other websites.

==================
If your password isn't very compliated, eg. apple, xfactor, and this password was used on other websites, this is where our main concern is. MD5 encryption is a one-way process of changing your password into a series of letters and numbers, however a lot of the 'more common' words are available on the internet. You should IMMEDIATLY change your TiBB password to a combination of letters and numbers, and for security change the password on the other accounts you had linked with that password. Just make sure your email password is unique, and not something anyone could ever guess.



A few people emailed me yesterday and said they use the same password for a few sites, and couldn't remember their TiBB one and could I email it to them. The answer here is no! The passwords are stored as as random letters and numbers and we aren't able to tell what they are. For security, just after you have read this change your TiBB password immediatly, and any other e-mail accounts associated which you think might have a weak password on.

If any of you are locked out your forum account and are reading this, please either use the password request feature or send me an email mark AT thisisbigbrother . com, but only send an email from the email address registered to your account, or I'll assume it's not genuine and won't reply.

For now, I can only say that we are sorry for all this aggro. Unfortunatly no amount of apologising can take what has happened back, so all we can do is work on making the site more secure - which is currently our top priority. Please make sure you change your passwords right now, and you can get back to posting as normal! Also incsase this were to ever happen again, please make sure you don't keep any personal information in your U2U's such as your home address or phone number. As I mentioned before, a few of the features which James and I have added in the past aren't available for a bit, but they'll be making a comeback soon.

If you have any questions, you can ask us in this thread, or if it's more private just send us a U2U.

I have a U2U from myself, is it safe to read? just seems weird.. or am i safer to delete it?

it says i have 7 U2U's but there is only one post in there that is unread and that apparently is from me

The whole site is completely weird for me!

It says I have 7 U2U's, and there is non :conf:

and the posts on the side have gone, and avs and sigs are gone :S

Hold that thought, my banner and sig have magically appeared, it's the [ b ] stuff in the personal message and shizz?

The whole site is completely weird for me!

It says I have 7 U2U's, and there is non :conf:

and the posts on the side have gone, and avs and sigs are gone :S

I said some stuff was missing in my post :blush:

It'll be back in a day or two..

Will fix the problems with U2U's also, just ignore them for now.

The whole site is completely weird for me!

It says I have 7 U2U's, and there is non :conf:

and the posts on the side have gone, and avs and sigs are gone :S

i found all 7 U2U's and they are dotted around my U2U messages with dates back in 07, seems strange

Ohh, I will scan back! Ta!

Also, where are the icons and stuff? and how come the post counts are the actual count? Xx

Ohh, I will scan back! Ta!

Also, where are the icons and stuff? and how come the post counts are the actual count? Xx

Because stuff hasn't been added back yet! :laugh:

cheers marc, missed this site lol

Clue:

The post count of the member who shares the same name as a UK city 256 miles from Torquay

Yeah, this is a more basic version of the forum which we have had to install for now.

Most of the changes we've done over the last few years will have to be redone...

Here is a partial list of what has gone...

bbcode custom statuses
spoiler mod
youttube
forum icons
forum categories
sidebar
cellover effect
custom themes
award system
ignore
rss feed
avatar upload / gallery
fav housemates
karma

:dance:

at least its back! :D

Haha ok! I will shush now! :tongue:

Gutted about the karma! :bawling:

Took me like, almost 2 years! Xx

We know it isn't your fault anyway but say my password is the same here as an email address where there is no trace of it on the forum is it still affected? Like the one I registered with I couldn't give a sh*t about, but is my proper one at any kind of very low risk (which isn't even on the site in any way shape or form)? As well as that, what about other websites that again aren't listed on here?

I really love the new thread icons.

I have 112 New U2U's lol

I am looking forward to the custom status thing to come back. :blush: < I love that smiley!

Has the
Hide the banner control gone?

We know it isn't your fault anyway but say my password is the same here as an email address where there is no trace of it on the forum is it still affected? Like the one I registered with I couldn't give a sh*t about, but is my proper one at any kind of very low risk (which isn't even on the site in any way shape or form)? As well as that, what about other websites that again aren't listed on here?

Not if there's any trace of it to this forum nope. I'd think about changing it anyway just to be safe when you get the chance.

Tom unless it's the email address you signed up here with, it won't be affected. However; when you signed up for the email address you couldn't give a **** about - you may have entered an "alternate email address" (whereby if you lose your password it's sent there) - if you set it up with an alternate email address - change all of your passwords.

(At least, that's what I think - James or Mark may say otherwise).

Ah thats good then, thanks :) I change them every now and again anyway so its not a problem really

I can't read my 46 new u2u's :bawling::bawling:

We know it isn't your fault anyway but say my password is the same here as an email address where there is no trace of it on the forum is it still affected? Like the one I registered with I couldn't give a sh*t about, but is my proper one at any kind of very low risk (which isn't even on the site in any way shape or form)? As well as that, what about other websites that again aren't listed on here?

No, it is only the one you have registered here that is affected. And then, we believe, only if it is not a 'strong' password with random letters etc.

Tom unless it's the email address you signed up here with, it won't be affected. However; when you signed up for the email address you couldn't give a **** about - you may have entered an "alternate email address" (whereby if you lose your password it's sent there) - if you set it up with an alternate email address - change all of your passwords.

(At least, that's what I think - James or Mark may say otherwise).

its my MSN account, I've already changed that password anyway and my alternate email address is an old one I can't access anyway :tongue:

hi :)

tom come on msn

wow this is pretty crazy. Anyway yeah, I hope the site can return to normal ASAP. :thumbs:

ahhh it seems all weird!

Glad to be back :blush:

them people better be brought to justice because tbh i don't appreciate my account being hacked and having to change all of my passwords.

same here, they probably look like this;

http://hotbiscuits.files.wordpress.com/2008/12/nerd-46422.jpg

Ive changed my password and just glad we are back

Delighted were back
i was getting TIBB withdrawl sympotems!:laugh:
wow we get to see our ACTUAL post count:shocked:

:
wow we get to see our ACTUAL post count:shocked:

haha just noticed :laugh:

Glad we are back online :cat:

Im guessing Me and all the other mods will get their status back as of right now Marcjwsp is the only mod..

Mark - the U2U just takes me to 'website cannot be found' - is this normal until you get it all sorted?

Thanks for all the great work getting it sorted!!!!!

U2U's are being worked on, expect them back tomorrow :blush:

Thanks Mark! :wavey:

I hardly post here so I was surprised how much I missed it! Thanks for getting it back up (that came out wrong eep!) :P

http://www.cheesebuerger.de/smiliegenerator/ablage/474/452.png everyone! :colour:

http://www.cheesebuerger.de/images/smilie/froehlich/s005.gifhttp://www.cheesebuerger.de/images/smilie/froehlich/s005.gif

Hey Kaz!!

Kaz
is there a way to turn the banners off?

:wavey: Bradley.

It's great to be back .......... :cheer:

Welcome back TiBbers.

I was clicking on tibb every half hour or so to see if it was back :blush:

Kaz
is there a way to turn the banners off?

Sorry, not at the moment. That must be one of the new features that Mark or James added.

I'll let them know that this is yet another job they have to do.

Will it all be sorted in a week or so when BB is over??

I was clicking on tibb every half hour or so to see if it was back :blush:

I refresed it every second. Near enough,

Glad we're back, its looking very different ATM!

Kaz
is there a way to turn the banners off?

Sorry, not at the moment. That must be one of the new features that Mark or James added.

I'll let them know that this is yet another job they have to do.


thanks for letting me know.

:conf:Im back on? I thought i got banned for some reason.

yay! nothing has happened to me tbh. is the Non-bb thing gone then too? :(

I'm guessing James is pretty pissed off right about now..

I hope yer payin him overtime Mark ;)

Nice to see that the forum is back up.

Welcome back yourselves and thanks for the explanation and for your advice. Missed the site very much last night and glas it's back. Much the best.:dance:

Hey, well done getting it up and running again. I had every faith. Nice to see it back, thanks.

This is ridiculous and totally irresponsible. My password is one that I have used since I stated using the web and even before then. I use it on nearly every site I visit including internet banking the only difference being 3 digits are added to the end of it on some accounts. I'm not changing it for anyone, that always has been and always will be my password. FFS how poor must the security have been on this site for this to happen, If I suddenly find my email address and password have been used to access my accounts and take money and buy goods I shall take legal advice and seek compensation through the courts. Luckily my bank card has just expired and I have to register a new one with everyone I deal with so no one can use any of my accounts at the moment, but even so this is intolerable. WE HAVE A RIGHT TO KNOW WHO IS RESPONSIBLE. NOW, NOT IN IN THE FUTURE!!!

This is ridiculous and totally irresponsible. My password is one that I have used since I stated using the web and even before then. I use it on nearly every site I visit including internet banking the only difference being 3 digits are added to the end of it on some accounts. I'm not changing it for anyone, that always has been and always will be my password. FFS how poor must the security have been on this site for this to happen, If I suddenly find my email address and password have been used to access my accounts and take money and buy goods I shall take legal advice and seek compensation through the courts. Luckily my bank card has just expired and I have to register a new one with everyone I deal with so no one can use any of my accounts at the moment, but even so this is intolerable. WE HAVE A RIGHT TO KNOW WHO IS RESPONSIBLE. NOW, NOT IN IN THE FUTURE!!!

To be honest, that's your own stupid fault for using the same password on a friendly, big brother internet forum that can be accessed by anyone... to a bank account that people can use your money with! Anyone with a sense of a brain should be able to work that one out!

I have 5 different passwords I use all over the internet, it's not hard to remember 5. Then if you ever forget, just put them in 1 after another and one is bound to work! Simples! Xx

This is ridiculous and totally irresponsible. My password is one that I have used since I stated using the web and even before then. I use it on nearly every site I visit including internet banking the only difference being 3 digits are added to the end of it on some accounts. I'm not changing it for anyone, that always has been and always will be my password. FFS how poor must the security have been on this site for this to happen, If I suddenly find my email address and password have been used to access my accounts and take money and buy goods I shall take legal advice and seek compensation through the courts. Luckily my bank card has just expired and I have to register a new one with everyone I deal with so no one can use any of my accounts at the moment, but even so this is intolerable. WE HAVE A RIGHT TO KNOW WHO IS RESPONSIBLE. NOW, NOT IN IN THE FUTURE!!!

To be honest, that's your own stupid fault for using the same password on a friendly, big brother internet forum that can be accessed by anyone... to a bank account that people can use your money with! Anyone with a sense of a brain should be able to work that one out!

I have 5 different passwords I use all over the internet, it's not hard to remember 5. Then if you ever forget, just put them in 1 after another and one is bound to work! Simples! Xx

Spot on nicky

This is ridiculous and totally irresponsible. My password is one that I have used since I stated using the web and even before then. I use it on nearly every site I visit including internet banking the only difference being 3 digits are added to the end of it on some accounts. I'm not changing it for anyone, that always has been and always will be my password. FFS how poor must the security have been on this site for this to happen, If I suddenly find my email address and password have been used to access my accounts and take money and buy goods I shall take legal advice and seek compensation through the courts. Luckily my bank card has just expired and I have to register a new one with everyone I deal with so no one can use any of my accounts at the moment, but even so this is intolerable. WE HAVE A RIGHT TO KNOW WHO IS RESPONSIBLE. NOW, NOT IN IN THE FUTURE!!!

To be honest, that's your own stupid fault for using the same password on a friendly, big brother internet forum that can be accessed by anyone... to a bank account that people can use your money with! Anyone with a sense of a brain should be able to work that one out!

I have 5 different passwords I use all over the internet, it's not hard to remember 5. Then if you ever forget, just put them in 1 after another and one is bound to work! Simples! Xx
Pretty much this.

Using the same password on a message board that you use for your bank account is beyond idiotic. At least change your email password, so that they won't get access to your other stuff.

This is ridiculous and totally irresponsible. My password is one that I have used since I stated using the web and even before then. I use it on nearly every site I visit including internet banking the only difference being 3 digits are added to the end of it on some accounts. I'm not changing it for anyone, that always has been and always will be my password. FFS how poor must the security have been on this site for this to happen, If I suddenly find my email address and password have been used to access my accounts and take money and buy goods I shall take legal advice and seek compensation through the courts. Luckily my bank card has just expired and I have to register a new one with everyone I deal with so no one can use any of my accounts at the moment, but even so this is intolerable. WE HAVE A RIGHT TO KNOW WHO IS RESPONSIBLE. NOW, NOT IN IN THE FUTURE!!!

To be honest, that's your own stupid fault for using the same password on a friendly, big brother internet forum that can be accessed by anyone... to a bank account that people can use your money with! Anyone with a sense of a brain should be able to work that one out!

I have 5 different passwords I use all over the internet, it's not hard to remember 5. Then if you ever forget, just put them in 1 after another and one is bound to work! Simples! Xx
Pretty much this.

Using the same password on a message board that you use for your bank account is beyond idiotic. At least change your email password, so that they won't get access to your other stuff.

How dare you call me idiotic after the fck up this site has made, The only idiotic thing I did was join a crummy forum that didn't have tight enough security, putting everyone at risk! No one can access my bank account anyway, it needs 2 Pin numbers and my password which is not exactly the same as on here. My email password is also not the same as on here, it has extra characters on the end. The accounts that are at risk are those I use for internet shopping. As far as I'm concerned this site has not only put me at risk but EVERYONE who's joined it, so unless you are connected with it why the hell are you defending it? We ALL have a right to know who is responsible, otherwise we're not being shat upon once but twice. IF THIS SITE HAS PUT ME AT RISK I WANT TO KNOW NOW WHO I'M AT RISK FROM. EVERYONE HAS A RIGHT TO KNOW!!!

This is ridiculous and totally irresponsible. My password is one that I have used since I stated using the web and even before then. I use it on nearly every site I visit including internet banking the only difference being 3 digits are added to the end of it on some accounts. I'm not changing it for anyone, that always has been and always will be my password. FFS how poor must the security have been on this site for this to happen, If I suddenly find my email address and password have been used to access my accounts and take money and buy goods I shall take legal advice and seek compensation through the courts. Luckily my bank card has just expired and I have to register a new one with everyone I deal with so no one can use any of my accounts at the moment, but even so this is intolerable. WE HAVE A RIGHT TO KNOW WHO IS RESPONSIBLE. NOW, NOT IN IN THE FUTURE!!!

To be honest, that's your own stupid fault for using the same password on a friendly, big brother internet forum that can be accessed by anyone... to a bank account that people can use your money with! Anyone with a sense of a brain should be able to work that one out!

I have 5 different passwords I use all over the internet, it's not hard to remember 5. Then if you ever forget, just put them in 1 after another and one is bound to work! Simples! Xx
Pretty much this.

Using the same password on a message board that you use for your bank account is beyond idiotic. At least change your email password, so that they won't get access to your other stuff.

How dare you call me idiotic after the fck up this site has made, The only idiotic thing I did was join a crummy forum that didn't have tight enough security, putting everyone at risk! No one can access my bank account anyway, it needs 2 Pin numbers and my password which is not exactly the same as on here. My email password is also not the same as on here, it has extra characters on the end. The accounts that are at risk are those I use for internet shopping. As far as I'm concerned this site has not only put me at risk but EVERYONE who's joined it, so unless you are connected with it why the hell are you defending it? We ALL have a right to know who is responsible, otherwise we're not being shat upon once but twice. IF THIS SITE HAS PUT ME AT RISK I WANT TO KNOW NOW WHO I'M AT RISK FROM. EVERYONE HAS A RIGHT TO KNOW!!! Calm the fcuk down!

We wont be allowed to know ****, cause I think it may be a police matter (hacking websites and taking passwords is against the law, especially from minors) so....we probably aint allowed to know anything due to that side of things

Now maybe you can go get your self some hot chocolate and some chill pills, yeah?

Yayy its back:dance2:

This is ridiculous and totally irresponsible. My password is one that I have used since I stated using the web and even before then. I use it on nearly every site I visit including internet banking the only difference being 3 digits are added to the end of it on some accounts. I'm not changing it for anyone, that always has been and always will be my password. FFS how poor must the security have been on this site for this to happen, If I suddenly find my email address and password have been used to access my accounts and take money and buy goods I shall take legal advice and seek compensation through the courts. Luckily my bank card has just expired and I have to register a new one with everyone I deal with so no one can use any of my accounts at the moment, but even so this is intolerable. WE HAVE A RIGHT TO KNOW WHO IS RESPONSIBLE. NOW, NOT IN IN THE FUTURE!!!

To be honest, that's your own stupid fault for using the same password on a friendly, big brother internet forum that can be accessed by anyone... to a bank account that people can use your money with! Anyone with a sense of a brain should be able to work that one out!

I have 5 different passwords I use all over the internet, it's not hard to remember 5. Then if you ever forget, just put them in 1 after another and one is bound to work! Simples! Xx
Pretty much this.

Using the same password on a message board that you use for your bank account is beyond idiotic. At least change your email password, so that they won't get access to your other stuff.

How dare you call me idiotic after the fck up this site has made, The only idiotic thing I did was join a crummy forum that didn't have tight enough security, putting everyone at risk! No one can access my bank account anyway, it needs 2 Pin numbers and my password which is not exactly the same as on here. My email password is also not the same as on here, it has extra characters on the end. The accounts that are at risk are those I use for internet shopping. As far as I'm concerned this site has not only put me at risk but EVERYONE who's joined it, so unless you are connected with it why the hell are you defending it? We ALL have a right to know who is responsible, otherwise we're not being shat upon once but twice. IF THIS SITE HAS PUT ME AT RISK I WANT TO KNOW NOW WHO I'M AT RISK FROM. EVERYONE HAS A RIGHT TO KNOW!!!
I never called you idiotic, I said what you did was idiotic. There's a difference you know.

Yeah, this is a more basic version of the forum which we have had to install for now.

Most of the changes we've done over the last few years will have to be redone...

Here is a partial list of what has gone...

bbcode custom statuses
spoiler mod
youttube
forum icons
forum categories
sidebar
cellover effect
custom themes
award system
ignore
rss feed
avatar upload / gallery
fav housemates
karma


Do you know how long it will take to restore these features assuming that is going to happen. Also if you are taking this forum elsewhere what happens to all our past posts, will they go as well or will it be a year Zero type scenario?

Yeah, this is a more basic version of the forum which we have had to install for now.

Most of the changes we've done over the last few years will have to be redone...

Here is a partial list of what has gone...

bbcode custom statuses
spoiler mod
youttube
forum icons
forum categories
sidebar
cellover effect
custom themes
award system
ignore
rss feed
avatar upload / gallery
fav housemates
karma


Man, you guys must be pissed :shocked:

Also if you are taking this forum elsewhere what happens to all our past posts, will they go as well or will it be a year Zero type scenario?

Everything will be transferred over.

The other fix we have lost is the way this forum handles mail notifications. Prior to hack you just got one per thread until you visited that thread, to avoid people's mail boxes being filled up if a thread they were subscribed to got very busy.

Hello:xyxwave:

Frdiay night wasn't the same :bawling:

This is ridiculous and totally irresponsible. My password is one that I have used since I stated using the web and even before then. I use it on nearly every site I visit including internet banking


You're right, that is highly irresponsible.

Well, thank you guys :tongue: I don't think this guy agrees though! aha Xx

This is ridiculous and totally irresponsible. My password is one that I have used since I stated using the web and even before then. I use it on nearly every site I visit including internet banking the only difference being 3 digits are added to the end of it on some accounts. I'm not changing it for anyone, that always has been and always will be my password. FFS how poor must the security have been on this site for this to happen, If I suddenly find my email address and password have been used to access my accounts and take money and buy goods I shall take legal advice and seek compensation through the courts. Luckily my bank card has just expired and I have to register a new one with everyone I deal with so no one can use any of my accounts at the moment, but even so this is intolerable. WE HAVE A RIGHT TO KNOW WHO IS RESPONSIBLE. NOW, NOT IN IN THE FUTURE!!!

To be honest, that's your own stupid fault for using the same password on a friendly, big brother internet forum that can be accessed by anyone... to a bank account that people can use your money with! Anyone with a sense of a brain should be able to work that one out!

I have 5 different passwords I use all over the internet, it's not hard to remember 5. Then if you ever forget, just put them in 1 after another and one is bound to work! Simples! Xx
Pretty much this.

Using the same password on a message board that you use for your bank account is beyond idiotic. At least change your email password, so that they won't get access to your other stuff.

How dare you call me idiotic after the fck up this site has made, The only idiotic thing I did was join a crummy forum that didn't have tight enough security, putting everyone at risk! No one can access my bank account anyway, it needs 2 Pin numbers and my password which is not exactly the same as on here. My email password is also not the same as on here, it has extra characters on the end. The accounts that are at risk are those I use for internet shopping. As far as I'm concerned this site has not only put me at risk but EVERYONE who's joined it, so unless you are connected with it why the hell are you defending it? We ALL have a right to know who is responsible, otherwise we're not being shat upon once but twice. IF THIS SITE HAS PUT ME AT RISK I WANT TO KNOW NOW WHO I'M AT RISK FROM. EVERYONE HAS A RIGHT TO KNOW!!!

Well to start with, I think only about 99% of people use the same password on both, so it's themselves they're putting at risk! You wouldn't go around tesco with your card to your bank, then scatter them all over the floor? Then type in the code at the checkout... where anyone could be looking! Then they run away with your card and use alllll your money!! Bit exaggerated on my behalf, but it's pretty much the same principle! It's not up to the mods to tell you not to use a personal password, they leave that up to you.... they would expect you to realise that :rolleyes:

and um, I'm not defending anyone! I'm mates with Mark, and I know this wasn't his fault... or James'! It's just one of them things!

and if they actually can't access your internet bank account, why did you make such a fuss? I wouldn't be the boy who called wolf if I were you. If you are that annoyed with TiBB, just go! xD It's not hard not to type the URL in the search bar :3

Xx

I must point out, the forum seems to be running much quicker! Or maybe it's just my dodgy net having a good day? Xx

and um, I'm not defending anyone! I'm mates with Mark, and I know this wasn't his fault... or James'! It's just one of them things!

and if they actually can't access your internet bank account, why did you make such a fuss? I wouldn't be the boy who called wolf if I were you. If you are that annoyed with TiBB, just go! xD It's not hard not to type the URL in the search bar :3
Xx

Haha I love the xx at the end :laugh::tongue:
And yes, I agree with you there, bit silly using the same password for your bank, and it's not Mark or Jame's fault this all happened

I used to run a forum with 15,000 members. The forum used was Invision but the security issues were the same. May I just outline the following;

1. The password problem is being misunderstood. The hackers did not see your password, they saw an encrypted version of your password. These encrypted versions can be broken by looking them up on the internet but only if you were stupid enough to use a password that was simple and not obscure. Banking issues are nonsense and hysterical. Think about how you enter your banking password/PIN/email address and you will see.

2. The Data Protection Act can be used against the people who hacked the board. However, one has to prove they took the email addresses and personal information as opposed to just having access to it. That is very hard to prove. Individual members can complain to the police but you will be lucky if the police decide to put resources into investigating your complaint.

3. The owners of this board must bear some responsibility for this. As features have been lost I gather the old board accrued features but security patches were not installed. This is not acceptable. I do not understand why security patches were not installed as they became available but can guess this was because of the features added and an unwillingness to risk having to reconfigure them as and when security patches were added.

4. No discussion board is 100% secure. A fact.

5. Board/Site wars are nothing new. If you have thousands of posts made by members, some will undoubtedly make posts that offend others. The nature of the internet means that offence can be taken and individuals or groups will try and inconvenience the board concerned. A new member on my board made a post containing a script that planted a "bomb" that shut down all members computers who were online at the time and opened the post, it also altered registry entries. Very nasty and inconvenient.

6. If you have a board yourself the path/route to certain features are easy to access on similar boards if you know the directory structure of the board involved. This is why certain folders and files should have their names altered for security. This can only be done by the owners of the board.

7. Never, I repeat, never trust anyone on a discussion board. Boards act as a magnet to narcissists and sociopaths. One can easily be led into doing things that under normal circumstances one would not do. Never give any personal information to anyone by U2U or email. It may seem common sense not to do these things but a board generates a feeling of community and one's guard is lowered after a time.

8. In the board T & C's it should be made clear you use the board at your own risk.

9. It seems user groups for admin's and mod's have been lost. It takes time for these to be restored but it may come as a warning to the board owners that sections of the board that may be segregated for certain user groups can never be secure. Private areas can be accessed in the event of a board breakdown and can cause acute embarrassment. It has happened to me. Edited: It seems some threads for the mod's are open to all users. Just the sort of thing that happens when user groups are messed with.

Good luck to the owners of the board and I wish you all the best in the future.

oh so the avatars won't be working for a while :bawling:

Hello there.

Personally, I did not access your database (or had anything to do with it for that matter) I'm sure tracking my IP will reveal I haven't actually done anything.

Anyway! to make it more clear to the members of this forum, I'm gonna post some honest facts!, I'm sure this post will be removed because basically, your admin has been ball****ting you.

1) Your admin was warned numerous times about the "security issue" (like 3 times over 6 months as a member from our side actually uses this forum lol..) his thread has actually been removed so its apparent the admin likes to be seen "superior" and not stupid.

2) Quotation "The database was viewable for about an hour" absolute pile of cr*p, about 3 days mate.. nice try

3) The MD5 hashes were easily crackable from what I was told, so just change your password anyway.

5) I am actually sorry to the members of this forum, I work closely to white hat hackers (good people) and only wished your admin took the warning signs seriously.

5) Your forum was penetrated through SQL injection. Look it up for more information

6) I highly suggest you move to MyBB, for the love of god please do... (much more secure)

7) hack forums . org /showthread.php?tid=132862

8) Admin please look at http://www.milw0rm.com/ for more information and exploits to patch

9) I missed 4) out.

:xyxwave: I wish you all the best.

^ LOL

Anyway, can we get the post deletion and Ignore functions back soon? I'm not bothered about the other aesthetical stuff, just want the rudimentary functions back.

The forum seems blank and empty without the banners but its really great that the forum is back, missed it yesterday!

Good luck with the updates mods and thanks for making this more secure.

Ahaha when I saw the downtime message, saying that some members were under 18/16 and it was being taken as a serious matter, I was gutted, I turned 18 last week, damn. Thank you to Mark and James for being pros!

I miss TiBB. Thanks for doing your best to make sure were all ok :)

Why isn't my banner appearing on certain posts I do?

My avatars gone

So did mine, it must have been a feature added on to upload them. In the basic one it requests a URL so I have given it the URL of the thumbnail used for mine on Facebook

For avatar sizes for big pictures do this.

Save picture on your computer

Resize it on this website http://www.online-image-editor.com/ to no bigger then 150 x 160.

Upload on http://tinypic.com/

Copy direct link code [Bottom line]

Then paste that link into your avatar URL thing in your profile.

Then your done.

Please help - I can't seem to get back onto the BB10 forum. Just keeps saying wepage not available. Then had problems logging in again, but now OK. Yet I can see posts have been posted. Need some reassurance! Security issues??

Welcome back everyone. :wavey:

I used to run a forum with 15,000 members. The forum used was Invision but the security issues were the same. May I just outline the following;

1. The password problem is being misunderstood. The hackers did not see your password, they saw an encrypted version of your password. These encrypted versions can be broken by looking them up on the internet but only if you were stupid enough to use a password that was simple and not obscure. Banking issues are nonsense and hysterical. Think about how you enter your banking password/PIN/email address and you will see.

2. The Data Protection Act can be used against the people who hacked the board. However, one has to prove they took the email addresses and personal information as opposed to just having access to it. That is very hard to prove. Individual members can complain to the police but you will be lucky if the police decide to put resources into investigating your complaint.

3. The owners of this board must bear some responsibility for this. As features have been lost I gather the old board accrued features but security patches were not installed. This is not acceptable. I do not understand why security patches were not installed as they became available but can guess this was because of the features added and an unwillingness to risk having to reconfigure them as and when security patches were added.

4. No discussion board is 100% secure. A fact.

5. Board/Site wars are nothing new. If you have thousands of posts made by members, some will undoubtedly make posts that offend others. The nature of the internet means that offence can be taken and individuals or groups will try and inconvenience the board concerned. A new member on my board made a post containing a script that planted a "bomb" that shut down all members computers who were online at the time and opened the post, it also altered registry entries. Very nasty and inconvenient.

6. If you have a board yourself the path/route to certain features are easy to access on similar boards if you know the directory structure of the board involved. This is why certain folders and files should have their names altered for security. This can only be done by the owners of the board.

7. Never, I repeat, never trust anyone on a discussion board. Boards act as a magnet to narcissists and sociopaths. One can easily be led into doing things that under normal circumstances one would not do. Never give any personal information to anyone by U2U or email. It may seem common sense not to do these things but a board generates a feeling of community and one's guard is lowered after a time.

8. In the board T & C's it should be made clear you use the board at your own risk.

9. It seems user groups for admin's and mod's have been lost. It takes time for these to be restored but it may come as a warning to the board owners that sections of the board that may be segregated for certain user groups can never be secure. Private areas can be accessed in the event of a board breakdown and can cause acute embarrassment. It has happened to me. Edited: It seems some threads for the mod's are open to all users. Just the sort of thing that happens when user groups are messed with.

Good luck to the owners of the board and I wish you all the best in the future.
Great post. :thumbs:

There is a problem with user accounts that have fewer than 3 letters. Anyone who has one of these and tries to log in will get a wrong password message. I will try and fix this.

Password Changed. Thanks for the information Mark/James

and um, I'm not defending anyone! I'm mates with Mark, and I know this wasn't his fault... or James'! It's just one of them things!

and if they actually can't access your internet bank account, why did you make such a fuss? I wouldn't be the boy who called wolf if I were you. If you are that annoyed with TiBB, just go! xD It's not hard not to type the URL in the search bar :3
Xx

Haha I love the xx at the end :laugh::tongue:
And yes, I agree with you there, bit silly using the same password for your bank, and it's not Mark or Jame's fault this all happened


Without the Xx, the post would be uncomplete. It's like going out the door without your shoes. It's silly! xD

Are the hm subforums going to stay separate from the main BB10 page? I miss them being at the top of the page, and not having to go out to get to them (I never venture into the other forums, only the BB10 one).

Missing karma too.

This is ****ed up.

As soon as I go away for a few days the forum nearly dies... :whistle:

And as soon as you come back, a little part of me dies.

And as soon as you come back, a little part of me dies.:dance:

Woah forum gone all wrong. I dont like how you cant see the last posted in threads

I've changed my password here, but isn't it a little too late, if things had already been compromised? Have I got to change my password everywhere else?

If you used the same password on your email as on the forum, yeah. :sad: Especially the e-mail password, and particularly if it was a simple one.

Glad it is back anyway and looking forward to it all getting back to normal soon =] And James+Mark, The new feature with the post count showing up, is good! Keep it =]

Yep, should keep the actual post count rather than 5000+ etc.

Also, Karma shouldn't come back.

Any idea when we will be able to edit Custom Status

Any idea when we will be able to edit Custom Status

Yeah i would like to know too, its been bugging me a bit cos i dont want the BB code to show in mine lol

As in the OP they are not going to do anything until after Big Brother finishes and then the entire future of TIBB will be discussed.

OMG it might be the end??

As in the OP they are not going to do anything until after Big Brother finishes and then the entire future of TIBB will be discussed.

Sounds very dramatic lol

it will probably just be talks of a forum re-design/re-shuffle and the forum will almost certainly have different priorities considering BB is being axed next year :thumbs:

Hopefull a new kind of face to the forum. I think they should Keep the name after Big Brother finishes. Everyone knows it as Thisisbigbrother and Big Brother is really to do with people watching you and as most are guessing it will be a reality tv forum, it fits in well as reality tv is basically "People Watching you"

I'm liking the little messages at the end of each thread saying which mod closed the thread and when.

Also, I really hate not having green font for "online" and red font for "offline".

If you used the same password on your email as on the forum, yeah. :sad: Especially the e-mail password, and particularly if it was a simple one.


Thank you James. I'm very new to the forum but already love it. I hope you get everything sorted and these people will be brought to justice.

question, mod pals -- people who had avatars before the website crashed no longer have them -- mine has disappeared -- when avatar functions are reinstated will the images that were there automatically reappear again?

You can still have avatars, you just have to host them externally eg on imageshack/photobucket.

I suspect uploaded files are all no more :bawling:

I dont like fact that the smiles for quick post dont change anymore. Ii liked them random.

I dont like fact that the smiles for quick post dont change anymore. Ii liked them random.

I didn't notice that
The only thing I really miss is the 'latest 25 posts' bit :bawling:

I dont like fact that the smiles for quick post dont change anymore. Ii liked them random.

I didn't notice that
The only thing I really miss is the 'latest 25 posts' bit :bawling:

damn

oh no

youtube videos are back! thanks admin :hello:

Really? thanks admins :thumbs:

nah actually they dont, but i think the embed code works now...check the derren brown thread in general chat

youtube videos are back! thanks admin :hello:

I checked a thread where I had embedded a few and they are not working :sad:

youtube videos are back! thanks admin :hello:

I checked a thread where I had embedded a few and they are not working :sad:

All videos and polls before it got hacked will not work. I noticed that.

Hmmm weird then. theres one working in the derren brown thread in general chat

Hmmm weird then. theres one working in the derren brown thread in general chat

That was posted AFTER it got hacked and ebbeded youtube code works. look below.

<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/WQDFEv72e3U&hl=en&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/WQDFEv72e3U&hl=en&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

Quote this post and you will see the code.

Hmmm weird then. theres one working in the derren brown thread in general chat

That was posted AFTER it got hacked and ebbeded youtube code works. look below.

<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/WQDFEv72e3U&hl=en&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/WQDFEv72e3U&hl=en&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

Quote this post and you will see the code.

Looking at the code that is quite involved, but I suspect the simplified version is not going to return for a while. :sad:

Hmmm weird then. theres one working in the derren brown thread in general chat

That was posted AFTER it got hacked and ebbeded youtube code works. look below.

<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/WQDFEv72e3U&hl=en&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/WQDFEv72e3U&hl=en&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

Quote this post and you will see the code.

Looking at the code that is quite involved, but I suspect the simplified version is not going to return for a while. :sad:

The worst of it is that videos may of forced to remove the enbeded code ie copyright problems. Then with them videos you would need a link insted of a code.

This is trying that, and substituting a video of my own


<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/wcuIJAgHIwc"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/wcuIJAgHIwc" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

Edit To get it to work you have to replace the standard Youtube URL with www.youtube.com/v/(code for the movie)